NIS2 Compliance
without the
friction
ROOTKey maps NIS2 requirements directly onto your existing infrastructure - risk management, incident reporting, business continuity - with verifiable cryptographic proofs.
Compliance Overview
€10M
Maximum fine
or 2% of global annual turnover
24H
Alert deadline
after detection of a significant incident
18
Sectors covered
essential and important entities
Oct'24
Transposition deadline
legal obligation in force across the EU
01 / Mapping
ROOTKey covers the articles that matter
Each platform feature addresses specific directive requirements. Auditable cryptographic evidence - not reports, proofs.
Article 21 · 2(a)
Risk analysis policies
Entities must implement policies for analysing the risks of information systems and security, documented and versioned.
ROOTKey
Immutable policy registry with verifiable hash and blockchain history - retroactive tampering cryptographically impossible.
Article 21 · 2(b)
Incident management
Documented procedures for detection, analysis, containment and response to security incidents with chain of custody.
ROOTKey
Cryptographically signed timestamps for every event. Irrefutable chain of custody, exportable to regulators in seconds.
Article 21 · 2(c)
Business continuity
Backup plans, disaster recovery and crisis management ensuring verifiable operational continuity.
ROOTKey
Recovery Points with ZK integrity proofs - guarantee that backups have not been compromised before they are needed.
Article 21 · 2(e)
Supply chain security
Security in relationships with suppliers and service providers, including access to critical data and information systems.
ROOTKey
Zero-trust by design: every access is authenticated with a cryptographic proof, with no implicit trust in any entity.
Article 21 · 2(j)
Authentication & access control
Multi-factor authentication and secure communication solutions as access protection mechanisms for critical systems.
ROOTKey
MFA with zero-knowledge proofs - strong authentication without exposing credentials, integrated via API on existing systems.
Article 23
Notification obligations
Notification to the CSIRT within 24h (early warning) and 72h (interim report) after detection of a significant incident.
ROOTKey
Logs with immutable timestamps and structured export - verifiable evidence of when the incident was detected, ready in minutes.
02 / Platform
On top of your infrastructure. Not instead of it.
ROOTKey does not replace existing systems. It adds a cryptographic verification layer via API - no migrations, no vendor lock-in.
Auditable cryptographic evidence
Every critical action generates an independent proof, verifiable by external auditors without accessing the original data. Compliance that is proven - not described.
Verifiable recovery points
Backups with blockchain-guaranteed integrity. The regulator asks for evidence; ROOTKey delivers proof - date, content, integrity, all verifiable.
Native zero-trust
No implicit trust in any user, system or network. Every operation authenticated and recorded with a verifiable proof.
Immutable timestamps
Chain of custody for every security event. Prove to the regulator exactly when something happened with irrefutable evidence.
Incident reporting
Structured and exportable logs with cryptographic detection evidence. Meet the 24h deadline of Art. 23 with irrefutable documentation.
Versioned policies
Auditable history of all security policies with an immutable hash per version. Demonstrate maturity evolution to the regulator over time.
03 / Integration
Live in days, not months
Documented REST API, available SDKs, dedicated enterprise support. ROOTKey adapts to your stack - not the other way around.
01
API integration
Documented REST API, SDKs for major languages. Live in days. Without replacing existing infrastructure.
02
Automatic proofs
Every critical event automatically generates an immutable, auditable cryptographic proof. Zero additional operational effort.
03
Instant reporting
Real-time compliance dashboard. Export evidence to regulators in seconds - not weeks of audit work.
Your NIS2 compliance
starts today
Talk to our team. In 30 minutes you'll know exactly where you stand on NIS2 and what ROOTKey resolves - without operational disruption.